Discussion: View Thread

Expand all | Collapse all

Fw: Urgent Cyber Security Advisory: Kaseya VSA Supply-Chain Ransomware Attack

  • 1.  Fw: Urgent Cyber Security Advisory: Kaseya VSA Supply-Chain Ransomware Attack

    Posted 07-06-2021 07:59 AM
    Good morning, I hope you all had a nice weekend. I'm forwarding along this notice at the request of Robert Bastani at HHS. Let me know if you have any questions and I'll pass them along.
    From: Bastani, Robert (OS/ASPR/SIIM) <Robert.Bastani@hhs.gov>
    Sent: Friday, July 2, 2021 11:43 PM
    To: Angie McPherson <amcpherson@naccho.org>
    Subject: FW: Urgent Cyber Security Advisory: Kaseya VSA Supply-Chain Ransomware Attack
     

    Please share with your IT and Cyber community as soon as possible.

     

     

    Bob Bastani, CISSP, CISM, CRISC

    Senior Cyber Security Advisor

    Healthcare and Public Health Sector

    Critical Infrastructure Protection

    Assistant Secretary for Preparedness and Response (ASPR)

    Department of Health and Human Services (HHS)

    W: (202) 691-2080

    C: (202) 853-7965

    Robert.Bastani@HHS.GOV

     

    The information contained in this electronic e-mail transmission and any attachments are intended only for the use of the individual or entity to whom or to which it is addressed, and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If the reader of this communication is not the intended recipient, or the employee or agent responsible for delivering this communication to the intended recipient, you are hereby notified that any dissemination, distribution, copying or disclosure of this communication and any attachment is strictly prohibited. If you have received this transmission in error, please notify the sender immediately by telephone and electronic mail, and delete the original communication and any attachment from any computer, server or other electronic recording or storage device or medium.

     

    From: Bastani, Robert (OS/ASPR/SIIM)
    Sent: Friday, July 2, 2021 11:25 PM
    To: HSCC-CWG-FULL (HSCC-CWG-FULL@LISTSERV.NHISAC.ORG) <hscc-cwg-full@listserv.nhisac.org>; 'Rice, Terry' <terence_rice@merck.com>; Greg Garcia (greg.garcia@HealthSectorCouncil.org) <greg.garcia@HealthSectorCouncil.org>; Theresa Meadows <Theresa.Meadows@cookchildrens.org>; Schwartz, Suzanne (FDA/CDRH) <Suzanne.Schwartz@fda.hhs.gov>; Wilkerson, Jessica (FDA/CDRH) <Jessica.Wilkerson@fda.hhs.gov>
    Cc: HC3 Management <HC3-mgmt@hhs.gov>; Falcon, Jessica (OS/ASPR/SIIM) <Jessica.Falcon@hhs.gov>; Laura Wolf (OS/ASPR/SIIM) (Laura.Wolf@hhs.gov) <Laura.Wolf@hhs.gov>; CORMAN, JOSHUA <joshua.corman@cisa.dhs.gov>; William Welch (OS/ASA/OCIO) (William.Welch@hhs.gov) <William.Welch@hhs.gov>; Deleon, Luis (OS/ASPR/SIIM) <Luis.Deleon@hhs.gov>; Czarzasty, James (OS/ASPR/EMMO) <James.Czarzasty@hhs.gov>; Wilkerson, Jessica (FDA/CDRH) <Jessica.Wilkerson@fda.hhs.gov>; Rahul Gaitonde (Rahul.Gaitonde@hhs.gov) <Rahul.Gaitonde@hhs.gov>; Allen, Shaun (OS/ASPR/SOC) <Shaun.Allen@hhs.gov>; Peitzman, Matthew (OS/ASPR/SOC) <Matthew.Peitzman@hhs.gov>; Kevin (OS/ASPR/SIIM) Dang (CTR) (Kevin.Dang@hhs.gov) <Kevin.Dang@hhs.gov>; Moeller, Jeffrey (OS/ASPR/SIIM) <Jeffrey.Moeller@hhs.gov>; OS Secretarys Operations Center <hhs.soc@hhs.gov>; SOC Information Management Section Chief (OS/ASPR) <SOC.IM@hhs.gov>; Caitlin Force (Caitlin.Force@hhs.gov) <Caitlin.Force@hhs.gov>; Jenkins, Robert (OS/ASPR/SOC) <Robert.Jenkins@hhs.gov>; Ospina, Juan (OS/ASPR/SOC) <Juan.Ospina@hhs.gov>; Brackins, Thomas (OS/ASPR/SOC) <Thomas.Brackins@hhs.gov>; Cupples, John (OS/ASPR/SOC) <John.Cupples@hhs.gov>; Dokong, Rhibano (OS/ASPR/SOC) <Rhibano.Dokong@hhs.gov>; OS CIP (HHS/OS) <CIP@hhs.gov>
    Subject: Urgent Cyber Security Advisory: Kaseya VSA Supply-Chain Ransomware Attack
    Importance: High

     

    CISA is tracking a new critical issue with Kaseya RMM tool. This is of interest since this tool is used widely in the healthcare sector. CISA has an initial post on  website, Kaseya VSA Supply-Chain Ransomware Attack |  . CISA is taking action to understand and address the supply-chain ransomware attack against Kaseya VSA and the multiple #MSPs that employ VSA software and recommends  immediate review of  the Kaseya advisory and guidance to shutdown VSA servers.

     

    Related Information:

     

     

     

     

    Bob Bastani, CISSP, CISM, CRISC

    Senior Cyber Security Advisor

    Healthcare and Public Health Sector

    Critical Infrastructure Protection

    Assistant Secretary for Preparedness and Response (ASPR)

    Department of Health and Human Services (HHS)

    W: (202) 691-2080

    C: (202) 853-7965

    Robert.Bastani@HHS.GOV

     

    The information contained in this electronic e-mail transmission and any attachments are intended only for the use of the individual or entity to whom or to which it is addressed, and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If the reader of this communication is not the intended recipient, or the employee or agent responsible for delivering this communication to the intended recipient, you are hereby notified that any dissemination, distribution, copying or disclosure of this communication and any attachment is strictly prohibited. If you have received this transmission in error, please notify the sender immediately by telephone and electronic mail, and delete the original communication and any attachment from any computer, server or other electronic recording or storage device or medium.

     

    From: US-CERT <US-CERT@ncas.us-cert.gov>
    Sent: Friday, July 2, 2021 5:05 PM
    To: Bastani, Robert (OS/ASPR/SIIM) <Robert.Bastani@hhs.gov>
    Subject: Kaseya VSA Supply-Chain Ransomware Attack

     

    You are subscribed to National Cyber Awareness System Current Activity for Cybersecurity and Infrastructure Security Agency. This information has recently been updated, and is now available.

    07/02/2021 04:44 PM EDT

     

    Original release date: July 2, 2021

    CISA is taking action to understand and address the recent supply-chain ransomware attack against Kaseya VSA and the multiple managed service providers (MSPs) that employ VSA software. CISA encourages organizations to review the Kaseya advisory and immediately follow their guidance to shutdown VSA servers. 

    This product is provided subject to this Notification and this Privacy & Use policy.

    Having trouble viewing this message? View it as a webpage

    You are subscribed to updates from the Cybersecurity and Infrastructure Security Agency (CISA)
    Manage Subscriptions   |  Privacy Policy   |  Help

    Connect with CISA:
    Facebook   |  Twitter   |  Instagram   |  LinkedIn   |   YouTube

    This email was sent to robert.bastani@hhs.gov using GovDelivery Communications Cloud, on behalf of: Cybersecurity and Infrastructure Security Agency · 707 17th St, Suite 4000 · Denver, CO 80202